Skip to content

Commit ca13e57

Browse files
committed
addressed comments
1 parent 0b983ae commit ca13e57

3 files changed

Lines changed: 58 additions & 58 deletions

File tree

tests/e2e/features/environment.py

Lines changed: 3 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -504,14 +504,6 @@ def before_feature(context: Context, feature: Feature) -> None:
504504
switch_config(context.feature_config)
505505
restart_container("lightspeed-stack")
506506

507-
if "TLS" in feature.tags:
508-
mode_dir = "library-mode" if context.is_library_mode else "server-mode"
509-
context.feature_config = (
510-
f"tests/e2e/configuration/{mode_dir}/lightspeed-stack-tls.yaml"
511-
)
512-
context.default_config_backup = create_config_backup("lightspeed-stack.yaml")
513-
switch_config(context.feature_config)
514-
515507

516508
def after_feature(context: Context, feature: Feature) -> None:
517509
"""Run after each feature file is exercised.
@@ -560,12 +552,14 @@ def after_feature(context: Context, feature: Feature) -> None:
560552
restart_container("lightspeed-stack")
561553
remove_config_backup(context.default_config_backup)
562554

563-
if "TLS" in feature.tags:
555+
# Restore Lightspeed Stack config if TLS Background step switched it
556+
if getattr(context, "tls_config_active", False):
564557
switch_config(context.default_config_backup)
565558
remove_config_backup(context.default_config_backup)
566559
if not context.is_library_mode:
567560
restart_container("llama-stack")
568561
restart_container("lightspeed-stack")
562+
context.tls_config_active = False
569563

570564
# Clean up any proxy servers left from the last scenario
571565
if hasattr(context, "tunnel_proxy") or hasattr(context, "interception_proxy"):

tests/e2e/features/steps/tls.py

Lines changed: 54 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -16,10 +16,18 @@
1616
from behave import given # pyright: ignore[reportAttributeAccessIssue]
1717
from behave.runner import Context
1818

19+
from tests.e2e.utils.utils import (
20+
create_config_backup,
21+
restart_container,
22+
switch_config,
23+
)
24+
1925
# Llama Stack config — mounted into the container from the host
2026
_LLAMA_STACK_CONFIG = "run.yaml"
2127
_LLAMA_STACK_CONFIG_BACKUP = "run.yaml.tls-backup"
2228

29+
_LIGHTSPEED_STACK_CONFIG = "lightspeed-stack.yaml"
30+
2331

2432
def _load_llama_config() -> dict:
2533
"""Load the base Llama Stack run config.
@@ -97,10 +105,48 @@ def _backup_llama_config() -> None:
97105
shutil.copy(_LLAMA_STACK_CONFIG, _LLAMA_STACK_CONFIG_BACKUP)
98106

99107

108+
def _prepare_tls_provider() -> tuple[dict, dict]:
109+
"""Back up run.yaml, load it, ensure the TLS provider exists, and init network config.
110+
111+
Returns:
112+
A tuple of (full config dict, provider's network config dict).
113+
"""
114+
_backup_llama_config()
115+
config = _load_llama_config()
116+
provider = _ensure_tls_provider(config)
117+
provider.setdefault("config", {}).setdefault("network", {})
118+
return config, provider
119+
120+
121+
# --- Background Steps ---
122+
# Restart steps ("The original Llama Stack config is restored if modified",
123+
# "Llama Stack is restarted", "Lightspeed Stack is restarted") are defined in
124+
# proxy.py and shared across features by behave.
125+
126+
127+
@given("Lightspeed Stack is configured for TLS testing")
128+
def configure_lightspeed_for_tls(context: Context) -> None:
129+
"""Switch lightspeed-stack.yaml to the TLS test configuration.
130+
131+
Backs up the current config and switches to the TLS variant that sets
132+
default_provider to tls-openai and default_model to mock-tls-model.
133+
The backup is restored in after_scenario via the shared restore step.
134+
135+
Parameters:
136+
context: Behave test context.
137+
"""
138+
mode_dir = "library-mode" if context.is_library_mode else "server-mode"
139+
tls_config = f"tests/e2e/configuration/{mode_dir}/lightspeed-stack-tls.yaml"
140+
141+
if not hasattr(context, "default_config_backup"):
142+
context.default_config_backup = create_config_backup(_LIGHTSPEED_STACK_CONFIG)
143+
144+
switch_config(tls_config)
145+
restart_container("lightspeed-stack")
146+
context.tls_config_active = True
147+
148+
100149
# --- TLS Configuration Steps ---
101-
# Background/restart steps ("The original Llama Stack config is restored if
102-
# modified", "Llama Stack is restarted", "Lightspeed Stack is restarted") are
103-
# defined in proxy.py and shared across features by behave.
104150

105151

106152
@given("Llama Stack is configured with TLS verification disabled")
@@ -110,15 +156,7 @@ def configure_tls_verify_false(context: Context) -> None:
110156
Parameters:
111157
context: Behave test context.
112158
"""
113-
_backup_llama_config()
114-
config = _load_llama_config()
115-
provider = _ensure_tls_provider(config)
116-
117-
if "config" not in provider:
118-
provider["config"] = {}
119-
if "network" not in provider["config"]:
120-
provider["config"]["network"] = {}
121-
159+
config, provider = _prepare_tls_provider()
122160
provider["config"]["network"]["tls"] = {"verify": False}
123161
_write_config(config, _LLAMA_STACK_CONFIG)
124162

@@ -130,15 +168,7 @@ def configure_tls_verify_ca(context: Context) -> None:
130168
Parameters:
131169
context: Behave test context.
132170
"""
133-
_backup_llama_config()
134-
config = _load_llama_config()
135-
provider = _ensure_tls_provider(config)
136-
137-
if "config" not in provider:
138-
provider["config"] = {}
139-
if "network" not in provider["config"]:
140-
provider["config"]["network"] = {}
141-
171+
config, provider = _prepare_tls_provider()
142172
provider["config"]["network"]["tls"] = {
143173
"verify": "/certs/ca.crt",
144174
"min_version": "TLSv1.2",
@@ -155,15 +185,7 @@ def configure_tls_verify_true(context: Context) -> None:
155185
Parameters:
156186
context: Behave test context.
157187
"""
158-
_backup_llama_config()
159-
config = _load_llama_config()
160-
provider = _ensure_tls_provider(config)
161-
162-
if "config" not in provider:
163-
provider["config"] = {}
164-
if "network" not in provider["config"]:
165-
provider["config"]["network"] = {}
166-
188+
config, provider = _prepare_tls_provider()
167189
provider["config"]["network"]["tls"] = {"verify": True}
168190
_write_config(config, _LLAMA_STACK_CONFIG)
169191

@@ -175,14 +197,7 @@ def configure_tls_mtls(context: Context) -> None:
175197
Parameters:
176198
context: Behave test context.
177199
"""
178-
_backup_llama_config()
179-
config = _load_llama_config()
180-
provider = _ensure_tls_provider(config)
181-
182-
if "config" not in provider:
183-
provider["config"] = {}
184-
if "network" not in provider["config"]:
185-
provider["config"]["network"] = {}
200+
config, provider = _prepare_tls_provider()
186201

187202
# Update base_url to use the mTLS server port
188203
provider["config"]["base_url"] = "https://mock-tls-inference:8444/v1"
@@ -203,15 +218,7 @@ def configure_tls_min_version(context: Context, version: str) -> None:
203218
context: Behave test context.
204219
version: The TLS version (e.g., "TLSv1.2", "TLSv1.3").
205220
"""
206-
_backup_llama_config()
207-
config = _load_llama_config()
208-
provider = _ensure_tls_provider(config)
209-
210-
if "config" not in provider:
211-
provider["config"] = {}
212-
if "network" not in provider["config"]:
213-
provider["config"]["network"] = {}
214-
221+
config, provider = _prepare_tls_provider()
215222
provider["config"]["network"]["tls"] = {
216223
"verify": "/certs/ca.crt",
217224
"min_version": version,

tests/e2e/features/tls.feature

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,11 @@
1-
@skip-in-library-mode
2-
@TLS
31
Feature: TLS configuration for remote inference providers
42
Validate that Llama Stack's NetworkConfig.tls settings are applied correctly
53
when connecting to a remote inference provider over HTTPS.
64

75
Background:
86
Given The service is started locally
97
And REST API service prefix is /v1
8+
And Lightspeed Stack is configured for TLS testing
109
And The original Llama Stack config is restored if modified
1110

1211
Scenario: Inference succeeds with TLS verification disabled

0 commit comments

Comments
 (0)